Australian shipper Toll Group has confirmed it was the victim of a cyberattack involving ransomware known as ‘Nefilim’.
“After detecting this attack, we shut down our IT systems to mitigate the risk of further infection. Toll has refused from the outset to engage with the attacker’s ransom demands, which is consistent with the advice of cyber security experts and government authorities,” said the company in a statement.
“Our ongoing investigations have established that the attacker has accessed at least one specific corporate server. This server contains information relating to some past and present Toll employees, and details of commercial agreements with some of our current and former enterprise customers. The server in question is not designed as a repository for customer operational data.”
According to the company, the attacker downloaded some data stored on a corporate server. Toll is not aware at this time of any information from the server in question having been published.
Thomas Knudsen, Toll Group Managing Director, said that Toll was the victim of an “unscrupulous act”.
“We condemn in the strongest possible terms the actions of the perpetrators. This a serious and regrettable situation and we apologize unreservedly to those affected. I can assure our customers and employees that we’re doing all we can to get to the bottom of the situation and put in place the actions to rectify it,” he said.
Toll expects that it will take a number of weeks to determine more details and has begun contacting people it believes may be impacted and the firm is implementing measures to support individual online security arrangements.
Knudsen said cybercrime posed “an existential threat for organizations of all sizes, making it more important than ever for business, regulators and government to adopt a united effort in combating the very real risk it presents the wider community”.
Photo courtesy Toll
